chore: migrate harbor from 2.1.5 to 2.2.2

roles/harbor/defaults/main.yml

@@ -1 +1,3 @@
 ---
+
+harbor_version: v2.2.2

roles/harbor/tasks/main.yml

@@ -15,6 +15,94 @@
   when:
     - send_status_messages
 
+- name: "Setup DNS configuration for {{ service_name }} harbor"
+  include_role:
+    name: _digitalocean
+    tasks_from: domain
+  vars:
+    record_data: "{{ stage_server_ip }}"
+    record_name: "{{ service_name }}"
+
+- name: 'Ensures {{ service_base_path }}/{{ service_name }} directory exists'
+  file:
+    state: directory
+    path: '{{ service_base_path }}/{{ service_name }}'
+  tags:
+    - update_deployment
+    - update_config
+
+- name: 'Ensure directory structure for harbor exists'
+  file:
+    path: "{{ service_base_path }}/{{ service_name }}/{{ item.path }}"
+    state: directory
+    owner: "{{ docker_owner }}"
+    group: "{{ docker_group }}"
+    mode: 0755
+  with_filetree: "templates/harbor"
+  when: item.state == "directory"
+  tags:
+    - update_config
+
+- name: Ensure config template files are populated from templates/harbor
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ service_base_path }}/{{ service_name }}/{{ item.path | regex_replace('\\.j2$', '') }}"
+    owner: "{{ docker_owner }}"
+    group: "{{ docker_group }}"
+    mode: 0644
+  with_filetree: "templates/harbor"
+  when: item.state == 'file' and item.src is match('.*\.j2$')
+  tags:
+    - update_config
+
+- name: Ensure config files are populated from from templates/harbor
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ service_base_path }}/{{ service_name }}/{{ item.path }}"
+    owner: "{{ docker_owner }}"
+    group: "{{ docker_group }}"
+    mode: 0644
+  with_filetree: "templates/harbor"
+  when: item.state == 'file' and item.src is not match('.*\.j2$')
+  tags:
+    - update_config
+
+- name: Download harbor offline installer
+  get_url:
+    url: https://github.com/goharbor/harbor/releases/download/{{ harbor_version }}/harbor-offline-installer-{{ harbor_version }}.tgz
+    dest: "{{ service_base_path }}/{{ service_name }}/harbor-offline-installer-{{ harbor_version }}.tgz"
+
+- name: Extract harbor-offline-installer-{{ harbor_version }}.tgz into {{ service_base_path }}/{{ service_name }}
+  ansible.builtin.unarchive:
+    src: "{{ service_base_path }}/{{ service_name }}/harbor-offline-installer-{{ harbor_version }}.tgz"
+    dest: "{{ service_base_path }}/{{ service_name }}"
+    remote_src: yes
+
+- name: "Check if {{ service_name }}/harbor/docker-compose.yml exists"
+  stat:
+    path: '{{ service_base_path }}/harbor/{{ service_name }}/docker-compose.yml'
+  register: check_docker_compose_file
+  tags:
+    - update_deployment
+
+- name: "Stop {{ service_name }}"
+  shell: docker-compose down
+  args:
+    chdir: '{{ service_base_path }}/{{ service_name }}/harbor'
+  when: check_docker_compose_file.stat.exists
+  ignore_errors: yes
+  tags:
+    - update_deployment
+
+# TODO
+# sudo ./install.sh --with-trivy --with-chartmuseum
+
+# update nginx onfig
+# -> #proxy_set_header Host $host;
+# -> #proxy_set_header X-Forwarded-Proto $scheme;
+
+# update compose file
+
 - name: "Send mattermost messsge"
   uri:
     url: "{{ mattermost_hook_smardigo }}"

smardigo.yml

@@ -50,5 +50,7 @@
       when: "'keycloak' in group_names"
     - role: postfix
       when: "'postfix' in group_names"
+    - role: harbor
+      when: "'harbor' in group_names"
     - role: prometheus
       when: "'prometheus' in group_names"

stage-dev

@@ -3,7 +3,7 @@ dev-connect-01
 dev-connect-02
 dev-connect-03
 
-[docker_registry]
+[harbor]
 dev-docker-registry-01
 
 [elastic]
@@ -22,8 +22,8 @@ dev-prometheus-01
 
 [stage_dev:children]
 connect
-docker_registry
 elastic
+harbor
 keycloak
 postfix
 prometheus

templates/harbor/config/chartserver/env

@@ -1,37 +0,0 @@
-## Settings should be set
-PORT=9999
-
-# Only support redis now. If redis is setup, then enable cache
-CACHE=redis
-CACHE_REDIS_ADDR=redis:6379
-CACHE_REDIS_PASSWORD=
-CACHE_REDIS_DB=3
-
-# Credential for internal communication
-BASIC_AUTH_USER=chart_controller
-BASIC_AUTH_PASS=
-
-# Multiple tenants
-# Must be set with 1 to support project namespace
-DEPTH=1
-
-# Backend storage driver: e.g. "local", "amazon", "google" etc.
-STORAGE=local
-# Storage driver settings
-STORAGE_LOCAL_ROOTDIR=/chart_storage
-## Settings with default values. Just put here for future changes
-DEBUG=false
-LOG_JSON=true
-DISABLE_METRICS=false
-DISABLE_API=false
-DISABLE_STATEFILES=false
-ALLOW_OVERWRITE=true
-CHART_URL=
-AUTH_ANONYMOUS_GET=false
-CONTEXT_PATH=
-INDEX_LIMIT=0
-MAX_STORAGE_OBJECTS=0
-MAX_UPLOAD_SIZE=20971520
-CHART_POST_FORM_FIELD_NAME=chart
-PROV_POST_FORM_FIELD_NAME=prov
-STORAGE_TIMESTAMP_TOLERANCE=1s

templates/harbor/config/core/app.conf

@@ -1,6 +0,0 @@
-appname = Harbor
-runmode = prod
-enablegzip = true
-
-[prod]
-httpport = 8080

templates/harbor/config/core/env.j2

@@ -1,50 +0,0 @@
-CONFIG_PATH=/etc/core/app.conf
-UAA_CA_ROOT=/etc/core/certificates/uaa_ca.pem
-_REDIS_URL_CORE=redis://redis:6379?idle_timeout_seconds=30
-SYNC_QUOTA=true
-CHART_CACHE_DRIVER=redis
-_REDIS_URL_REG=redis://redis:6379/1?idle_timeout_seconds=30
-
-LOG_LEVEL=info
-EXT_ENDPOINT=https://dev-docker-registry-01.smardigo.digital
-DATABASE_TYPE=postgresql
-POSTGRESQL_HOST=postgresql
-POSTGRESQL_PORT=5432
-POSTGRESQL_USERNAME=postgres
-POSTGRESQL_PASSWORD={{ harbor_postgresql_password }}
-POSTGRESQL_DATABASE=registry
-POSTGRESQL_SSLMODE=disable
-POSTGRESQL_MAX_IDLE_CONNS=50
-POSTGRESQL_MAX_OPEN_CONNS=1000
-REGISTRY_URL=http://registry:5000
-PORTAL_URL=http://portal:8080
-TOKEN_SERVICE_URL=http://core:8080/service/token
-HARBOR_ADMIN_PASSWORD={{ harbor_admin_password }}
-MAX_JOB_WORKERS=10
-CORE_SECRET=ydNg7WrBhEcyJuL3
-JOBSERVICE_SECRET=9fjG7ZiGRpyZ3nX1
-WITH_NOTARY=False
-WITH_CLAIR=False
-WITH_TRIVY=True
-CORE_URL=http://core:8080
-CORE_LOCAL_URL=http://127.0.0.1:8080
-JOBSERVICE_URL=http://jobservice:8080
-CLAIR_ADAPTER_URL=http://clair-adapter:8080
-TRIVY_ADAPTER_URL=http://trivy-adapter:8080
-NOTARY_URL=http://notary-server:4443
-REGISTRY_STORAGE_PROVIDER_NAME=filesystem
-READ_ONLY=false
-RELOAD_KEY=
-CHART_REPOSITORY_URL=http://chartmuseum:9999
-REGISTRY_CONTROLLER_URL=http://registryctl:8080
-WITH_CHARTMUSEUM=True
-REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
-REGISTRY_CREDENTIAL_PASSWORD=spYrLufyLbHrqlAFUPlnijhIFKS3ys1H
-CSRF_KEY=fNvrK554TPxFnLUUByjumlvirGOQGdRi
-PERMITTED_REGISTRY_TYPES_FOR_PROXY_CACHE=docker-hub,harbor
-
-HTTP_PROXY=
-HTTPS_PROXY=
-NO_PROXY=clair,jobservice,registryctl,core,notary-server,clair-adapter,trivy-adapter,postgresql,chartmuseum,localhost,db,nginx,notary-signer,.internal,portal,log,127.0.0.1,.local,registry,redis
-
-PORT=8080

templates/harbor/config/db/env.j2

@@ -1 +0,0 @@
-POSTGRES_PASSWORD={{ harbor_postgresql_password }}

templates/harbor/config/jobservice/config.yml

@@ -1,35 +0,0 @@
----
-#Protocol used to serve
-protocol: "http"
-
-#Server listening port
-port: 8080
-
-#Worker pool
-worker_pool:
-  #Worker concurrency
-  workers: 10
-  backend: "redis"
-  #Additional config if use 'redis' backend
-  redis_pool:
-    #redis://[arbitrary_username:password@]ipaddress:port/database_index
-    redis_url: redis://redis:6379/2?idle_timeout_seconds=30
-    namespace: "harbor_job_service_namespace"
-    idle_timeout_second: 3600
-#Loggers for the running job
-job_loggers:
-  - name: "STD_OUTPUT" # logger backend name, only support "FILE" and "STD_OUTPUT"
-    level: "INFO" # INFO/DEBUG/WARNING/ERROR/FATAL
-  - name: "FILE"
-    level: "INFO"
-    settings: # Customized settings of logger
-      base_dir: "/var/log/jobs"
-    sweeper:
-      duration: 1 #days
-      settings: # Customized settings of sweeper
-        work_dir: "/var/log/jobs"
-
-#Loggers for the job service
-loggers:
-  - name: "STD_OUTPUT" # Same with above
-    level: "INFO"

templates/harbor/config/jobservice/env

@@ -1,13 +0,0 @@
-CORE_SECRET=ydNg7WrBhEcyJuL3
-REGISTRY_URL=http://registry:5000
-JOBSERVICE_SECRET=9fjG7ZiGRpyZ3nX1
-CORE_URL=http://core:8080
-REGISTRY_CONTROLLER_URL=http://registryctl:8080
-JOBSERVICE_WEBHOOK_JOB_MAX_RETRY=10
-
-
-HTTP_PROXY=
-HTTPS_PROXY=
-NO_PROXY=clair,jobservice,registryctl,core,notary-server,clair-adapter,trivy-adapter,postgresql,chartmuseum,localhost,db,nginx,notary-signer,.internal,portal,log,127.0.0.1,.local,registry,redis
-REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
-REGISTRY_CREDENTIAL_PASSWORD=spYrLufyLbHrqlAFUPlnijhIFKS3ys1H

templates/harbor/config/log/logrotate.conf

@@ -1,8 +0,0 @@
-/var/log/docker/*.log {
-        rotate 50
-        size 200M
-        copytruncate
-        compress
-        missingok
-        nodateext
-}

templates/harbor/config/log/rsyslog_docker.conf

@@ -1,7 +0,0 @@
-# Rsyslog configuration file for docker.
-
-template(name="DynaFile" type="string" string="/var/log/docker/%programname%.log")
-
-if $programname != "rsyslogd" then {
-	action(type="omfile" dynaFile="DynaFile")
-}

templates/harbor/config/nginx/nginx.conf

@@ -1,137 +0,0 @@
-worker_processes auto;
-pid /tmp/nginx.pid;
-
-events {
-  worker_connections 1024;
-  use epoll;
-  multi_accept on;
-}
-
-http {
-  client_body_temp_path /tmp/client_body_temp;
-  proxy_temp_path /tmp/proxy_temp;
-  fastcgi_temp_path /tmp/fastcgi_temp;
-  uwsgi_temp_path /tmp/uwsgi_temp;
-  scgi_temp_path /tmp/scgi_temp;
-  tcp_nodelay on;
-
-  # this is necessary for us to be able to disable request buffering in all cases
-  proxy_http_version 1.1;
-
-  upstream core {
-    server core:8080;
-  }
-
-  upstream portal {
-    server portal:8080;
-  }
-
-  log_format timed_combined '$remote_addr - '
-    '"$request" $status $body_bytes_sent '
-    '"$http_referer" "$http_user_agent" '
-    '$request_time $upstream_response_time $pipe';
-
-  access_log /dev/stdout timed_combined;
-
-  server {
-    listen 8080;
-    server_tokens off;
-    # disable any limits to avoid HTTP 413 for large image uploads
-    client_max_body_size 0;
-
-    # Add extra headers
-    add_header X-Frame-Options DENY;
-    add_header Content-Security-Policy "frame-ancestors 'none'";
-
-    # costumized location config file can place to /etc/nginx/etc with prefix harbor.http. and suffix .conf
-    include /etc/nginx/conf.d/harbor.http.*.conf;
-
-    location / {
-      proxy_pass http://portal/;
-      # proxy_set_header Host $host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      # proxy_set_header X-Forwarded-Proto $scheme;
-      
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-
-    location /c/ {
-      proxy_pass http://core/c/;
-      # proxy_set_header Host $host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      # proxy_set_header X-Forwarded-Proto $scheme;
-      
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-
-    location /api/ {
-      proxy_pass http://core/api/;
-      # proxy_set_header Host $host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      # proxy_set_header X-Forwarded-Proto $scheme;
-      
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-
-    location /chartrepo/ {
-      proxy_pass http://core/chartrepo/;
-      # proxy_set_header Host $host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      # proxy_set_header X-Forwarded-Proto $scheme;
-      
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-
-    location /v1/ {
-      return 404;
-    }
-
-    location /v2/ {
-      proxy_pass http://core/v2/;
-      # proxy_set_header Host $http_host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      # proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_buffering off;
-      proxy_request_buffering off;
-
-      proxy_send_timeout 900;
-      proxy_read_timeout 900;
-    }
-
-    location /service/ {
-      proxy_pass http://core/service/;
-      # proxy_set_header Host $host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      # proxy_set_header X-Forwarded-Proto $scheme;
-
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-
-    location /service/notifications {
-      return 404;
-    }
-  }
-}

templates/harbor/config/portal/nginx.conf

@@ -1,38 +0,0 @@
-
-worker_processes auto;
-pid /tmp/nginx.pid;
-
-events {
-    worker_connections  1024;
-}
-
-http {
-
-    client_body_temp_path /tmp/client_body_temp;
-    proxy_temp_path /tmp/proxy_temp;
-    fastcgi_temp_path /tmp/fastcgi_temp;
-    uwsgi_temp_path /tmp/uwsgi_temp;
-    scgi_temp_path /tmp/scgi_temp;
-
-    server {
-        listen 8080;
-        server_name  localhost;
-
-        root   /usr/share/nginx/html;
-        index  index.html index.htm;
-        include /etc/nginx/mime.types;
-
-        gzip on;
-        gzip_min_length 1000;
-        gzip_proxied expired no-cache no-store private auth;
-        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
-
-        location / {
-            try_files $uri $uri/ /index.html;
-        }
-
-        location = /index.html {
-            add_header Cache-Control "no-store, no-cache, must-revalidate";
-        }
-    }
-}

templates/harbor/config/registry/config.yml

@@ -1,36 +0,0 @@
-version: 0.1
-log:
-  level: info
-  fields:
-    service: registry
-storage:
-  cache:
-    layerinfo: redis
-  filesystem:
-    rootdirectory: /storage
-  maintenance:
-    uploadpurging:
-      enabled: false
-  delete:
-    enabled: true
-redis:
-  addr: redis:6379
-  readtimeout: 10s
-  writetimeout: 10s
-  dialtimeout: 10s
-  password: 
-  db: 1
-http:
-  addr: :5000
-  secret: placeholder
-  debug:
-    addr: localhost:5001
-auth:
-  htpasswd:
-    realm: harbor-registry-basic-realm
-    path: /etc/registry/passwd
-validation:
-  disabled: true
-compatibility:
-  schema1:
-    enabled: true

templates/harbor/config/registry/passwd

@@ -1 +0,0 @@
-harbor_registry_user:$2y$05$EE3OyDzK1lhlSFIDIc0HcuMAl2hiwZraRg0yWgnfSfa1459Z5sFey

templates/harbor/config/registryctl/config.yml

@@ -1,5 +0,0 @@
----
-protocol: "http"
-port: 8080
-log_level: "INFO"
-registry_config: "/etc/registry/config.yml"

templates/harbor/config/registryctl/env

@@ -1,2 +0,0 @@
-CORE_SECRET=ydNg7WrBhEcyJuL3
-JOBSERVICE_SECRET=9fjG7ZiGRpyZ3nX1

templates/harbor/config/trivy-adapter/env

@@ -1,17 +0,0 @@
-SCANNER_LOG_LEVEL=info
-SCANNER_REDIS_URL=redis://redis:6379/5?idle_timeout_seconds=30
-SCANNER_STORE_REDIS_URL=redis://redis:6379/5?idle_timeout_seconds=30
-SCANNER_STORE_REDIS_NAMESPACE=harbor.scanner.trivy:store
-SCANNER_JOB_QUEUE_REDIS_URL=redis://redis:6379/5?idle_timeout_seconds=30
-SCANNER_JOB_QUEUE_REDIS_NAMESPACE=harbor.scanner.trivy:job-queue
-SCANNER_TRIVY_CACHE_DIR=/home/scanner/.cache/trivy
-SCANNER_TRIVY_REPORTS_DIR=/home/scanner/.cache/reports
-SCANNER_TRIVY_VULN_TYPE=os,library
-SCANNER_TRIVY_SEVERITY=UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
-SCANNER_TRIVY_IGNORE_UNFIXED=False
-SCANNER_TRIVY_SKIP_UPDATE=False
-SCANNER_TRIVY_GITHUB_TOKEN=
-SCANNER_TRIVY_INSECURE=False
-HTTP_PROXY=
-HTTPS_PROXY=
-NO_PROXY=clair,jobservice,registryctl,core,notary-server,clair-adapter,trivy-adapter,postgresql,chartmuseum,localhost,db,nginx,notary-signer,.internal,portal,log,127.0.0.1,.local,registry,redis

templates/harbor/harbor/docker-compose.yml.j2

@@ -10,7 +10,7 @@ networks:
 
 services:
   log:
-    image: goharbor/harbor-log:v2.1.5
+    image: goharbor/harbor-log:v2.2.2
     container_name: harbor-log
     restart: always
     dns_search: .
@@ -35,7 +35,7 @@ services:
       - harbor
 
   registry:
-    image: goharbor/registry-photon:v2.1.5
+    image: goharbor/registry-photon:v2.2.2
     container_name: registry
     restart: always
     cap_drop:
@@ -65,7 +65,7 @@ services:
         tag: "registry"
 
   registryctl:
-    image: goharbor/harbor-registryctl:v2.1.5
+    image: goharbor/harbor-registryctl:v2.2.2
     container_name: registryctl
     env_file:
       - ./common/config/registryctl/env
@@ -97,7 +97,7 @@ services:
         tag: "registryctl"
 
   postgresql:
-    image: goharbor/harbor-db:v2.1.5
+    image: goharbor/harbor-db:v2.2.2
     container_name: harbor-db
     restart: always
     cap_drop:
@@ -123,7 +123,7 @@ services:
         tag: "postgresql"
 
   core:
-    image: goharbor/harbor-core:v2.1.5
+    image: goharbor/harbor-core:v2.2.2
     container_name: harbor-core
     env_file:
       - ./common/config/core/env
@@ -167,9 +167,10 @@ services:
         tag: "core"
     extra_hosts:
       - dev-keycloak-01.smardigo.digital:10.1.0.2
+      - dev-mail-01.smardigo.digital:10.2.0.2
 
   portal:
-    image: goharbor/harbor-portal:v2.1.5
+    image: goharbor/harbor-portal:v2.2.2
     container_name: harbor-portal
     restart: always
     cap_drop:
@@ -195,7 +196,7 @@ services:
         tag: "portal"
 
   jobservice:
-    image: goharbor/harbor-jobservice:v2.1.5
+    image: goharbor/harbor-jobservice:v2.2.2
     container_name: harbor-jobservice
     env_file:
       - ./common/config/jobservice/env
@@ -226,7 +227,7 @@ services:
         tag: "jobservice"
 
   redis:
-    image: goharbor/redis-photon:v2.1.5
+    image: goharbor/redis-photon:v2.2.2
     container_name: redis
     restart: always
     cap_drop:
@@ -252,7 +253,7 @@ services:
         tag: "redis"
 
   proxy:
-    image: goharbor/nginx-photon:v2.1.5
+    image: goharbor/nginx-photon:v2.2.2
     container_name: nginx
     restart: always
     cap_drop:
@@ -271,6 +272,8 @@ services:
       - harbor
       - front-tier
     dns_search: .
+#    ports:
+#      - 80:8080
     depends_on:
       - registry
       - core
@@ -291,39 +294,9 @@ services:
       - "traefik.http.routers.dev-docker-registry-01-harbor.tls.certresolver=letsencrypt"
       - "traefik.http.services.dev-docker-registry-01-harbor.loadbalancer.server.port=8080"
 
-  trivy-adapter:
-    container_name: trivy-adapter
-    image: goharbor/trivy-adapter-photon:v2.1.5
-    restart: always
-    cap_drop:
-      - ALL
-    dns_search: .
-    depends_on:
-      - log
-      - redis
-    networks:
-      - harbor
-    volumes:
-      - type: bind
-        source: /data/trivy-adapter/trivy
-        target: /home/scanner/.cache/trivy
-      - type: bind
-        source: /data/trivy-adapter/reports
-        target: /home/scanner/.cache/reports
-      - type: bind
-        source: ./common/config/shared/trust-certificates
-        target: /harbor_cust_cert
-    logging:
-      driver: "syslog"
-      options:
-        syslog-address: "tcp://127.0.0.1:1514"
-        tag: "trivy-adapter"
-    env_file:
-      ./common/config/trivy-adapter/env
-
   chartmuseum:
     container_name: chartmuseum
-    image: goharbor/chartmuseum-photon:v2.1.5
+    image: goharbor/chartmuseum-photon:v2.2.2
     restart: always
     cap_drop:
       - ALL
@@ -349,4 +322,4 @@ services:
         syslog-address: "tcp://127.0.0.1:1514"
         tag: "chartmuseum"
     env_file:
-      ./common/config/chartserver/env
+      ./common/config/chartserver/env

templates/harbor/harbor/harbor.yml.j2

@@ -18,7 +18,6 @@ https:
   #certificate: /etc/smardigo/harbor/smardigo.digital.cert
   #private_key: /etc/smardigo/harbor/smardigo.digital.key
 
-# # Uncomment following will enable tls communication between all harbor components
 # internal_tls:
 #   # set enabled to true means internal tls is enabled
 #   enabled: true
@@ -32,7 +31,7 @@ external_url: https://dev-docker-registry-01.smardigo.digital
 # The initial password of Harbor admin
 # It only works in first time to install harbor
 # Remember Change the admin password from UI after launching Harbor.
-harbor_admin_password: {{ harbor_admin_password }}
+harbor_admin_password: fhbp937zefh45
 
 # Harbor DB configuration
 database:
@@ -41,12 +40,14 @@ database:
   # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
   max_idle_conns: 50
   # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
-  # Note: the default number of connections is 1024 for postgres of harbor.
+  # Note: the default number of connections is 100 for postgres.
   max_open_conns: 1000
 
 # The default data volume
 data_volume: /data
 
+# Harbor Storage settings by default is using /data dir on local filesystem
+# Uncomment storage_service setting If you want to using external storage
 # Harbor Storage settings by default is using /data dir on local filesystem
 # Uncomment storage_service setting If you want to using external storage
 # storage_service:
@@ -62,11 +63,6 @@ data_volume: /data
 #   redirect:
 #     disabled: false
 
-# Clair configuration
-clair:
-  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
-  updaters_interval: 12
-
 # Trivy configuration
 #
 # Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
@@ -124,19 +120,18 @@ log:
     rotate_size: 200M
     # The directory on your host that store log
     location: /var/log/harbor
+    # Uncomment following lines to enable external syslog endpoint.
+    # external_endpoint:
+    #   # protocol used to transmit log to external endpoint, options is tcp or udp
+    #   protocol: tcp
+    #   # The host of external endpoint
+    #   host: localhost
+    #   # Port of external endpoint
+    #   port: 5140
 
-  # Uncomment following lines to enable external syslog endpoint.
-  # external_endpoint:
-  #   # protocol used to transmit log to external endpoint, options is tcp or udp
-  #   protocol: tcp
-  #   # The host of external endpoint
-  #   host: localhost
-  #   # Port of external endpoint
-  #   port: 5140
 
 #This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
-_version: 2.0.0
+_version: 2.2.0
-
 # Uncomment external_database if using external database.
 # external_database:
 #   harbor:
@@ -148,13 +143,6 @@ _version: 2.0.0
 #     ssl_mode: disable
 #     max_idle_conns: 2
 #     max_open_conns: 0
-#   clair:
-#     host: clair_db_host
-#     port: clair_db_port
-#     db_name: clair_db_name
-#     username: clair_db_username
-#     password: clair_db_password
-#     ssl_mode: disable
 #   notary_signer:
 #     host: notary_signer_db_host
 #     port: notary_signer_db_port
@@ -170,7 +158,7 @@ _version: 2.0.0
 #     password: notary_server_db_password
 #     ssl_mode: disable
 
-# Uncomment external_redis if using external Redis server
+# Umcomments external_redis if using external Redis server
 # external_redis:
 #   # support redis, redis+sentinel
 #   # host for redis: <host_redis>:<port_redis>
@@ -184,7 +172,6 @@ _version: 2.0.0
 #   registry_db_index: 1
 #   jobservice_db_index: 2
 #   chartmuseum_db_index: 3
-#   clair_db_index: 4
 #   trivy_db_index: 5
 #   idle_timeout_seconds: 30
 
@@ -192,6 +179,7 @@ _version: 2.0.0
 # uaa:
 #   ca_file: /path/to/ca
 
+
 # Global proxy
 # Config http proxy for components, e.g. http://my.proxy.com:3128
 # Components doesn't need to connect to each others via http proxy.
@@ -201,11 +189,15 @@ _version: 2.0.0
 # Add domain to the `no_proxy` field, when you want disable proxy
 # for some special registry.
 proxy:
-  http_proxy:
+  http_proxy: 
-  https_proxy:
+  https_proxy: 
-  no_proxy:
+  no_proxy: 
   components:
     - core
     - jobservice
-    - clair
     - trivy
+
+metric:
+  enabled: false
+  port: 9090
+  path: /metrics